Card account numbers and related account information are sometimes stolen and used to conduct fraudulent transactions. The fraudulent use of card numbers (e.g., from credit, debit or other financial cards) is a significant problem in the case of on-line or “card-not-present” transactions, where a merchant (such as an on-line merchant operating e-commerce website) has no opportunity to view the card being used and take steps to reduce fraud, e.g., by asking a customer for proof of identity.
Various systems have been put in place to combat fraudulent use of cards. For example, an address verification system or service (AVS) may require the user of a card enter a billing address for the card account along with the card number. An authorization request is sent by the merchant to the card issuer, where the card number (and address) are checked against the issuer's database records (to make sure the billing address of record is the same as that provided by the customer). In other systems, the customer may also be asked to provide a card verification value or identifier (CVV) that may appear on the back of the card, to assure that the person in possession of the card number also has possession of the physical card (and can provide the identifier from the back of the card).
Even more complex (and more expensive) systems can be employed. For example, systems using extensive algorithms can be put in place by a merchant, issuer or card processor to analyze factors associated with a card transaction (e.g., lists of stolen or likely stolen credit card numbers, identifies of known thieves, websites or purchased products likely to be involved in fraud, and so forth), and calculate the likelihood that a transaction is fraudulent.
Stolen credit card numbers are often obtained from on-line scams or from hacking into systems storing card information, such that a thief may not only have a card number but also personal information of the card holder (such as an address). As a result, the existing systems for combating fraudulent card transactions (e.g., relying on both a card number and a billing address) are sometimes not effective. There has thus arisen the need for improvement of existing systems and techniques for combating use of stolen card numbers and related personal information.